HN Reader

The unreasonable effectiveness of fuzzing for porting programs (rjp.io)

126 points by Bogdanp 5h ago 17 comments

Show HN: Workout.cool – Open-source fitness coaching platform (github.com)

475 points by surgomat 9h ago 154 comments

My iPhone 8 Refuses to Die: Now It's a Solar-Powered Vision OCR Server (terminalbytes.com)

132 points by hemant6488 6h ago 40 comments

Writing documentation for AI: best practices (docs.kapa.ai)

101 points by mooreds 5h ago 28 comments

Poline – An enigmatic color palette generator using polar coordinates (meodai.github.io)

160 points by zdw 3d ago 34 comments

Show HN: I built a tensor library from scratch in C++/CUDA (github.com)

74 points by nirw4nna 6h ago 10 comments

Homomorphically Encrypting CRDTs (jakelazaroff.com)

173 points by jakelazaroff 8h ago 53 comments

Game Hacking – Valve Anti-Cheat (VAC) (codeneverdies.github.io)

69 points by LorenDB 4h ago 59 comments

Terpstra Keyboard (terpstrakeyboard.com)

190 points by xeonmc 11h ago 69 comments

MiniMax-M1 open-weight, large-scale hybrid-attention reasoning model (github.com)

306 points by danboarder 15h ago 68 comments

Introduction to the A* Algorithm (2014) (redblobgames.com)

208 points by auraham 1d ago 82 comments

Is there a half-life for the success rates of AI agents? (tobyord.com)

173 points by EvgeniyZh 11h ago 91 comments

Yes I Will Read Ulysses Yes (theatlantic.com)

45 points by petethomas 4h ago 50 comments

Scrappy – Make little apps for you and your friends (pontus.granstrom.me)

396 points by 8organicbits 16h ago 128 comments

Framework Laptop 12 review (arstechnica.com)

172 points by moelf 6h ago 224 comments

Attimet (YC F24) – Quant Trading Research Lab – Is Hiring Founding Engineer (ycombinator.com)

1 points by kbanothu 4h ago 0 comments

Revisiting Minsky's Society of Mind in 2025 (suthakamal.substack.com)

50 points by suthakamal 6h ago 19 comments

The Matrix (1999) Filming Locations – Shot-for-Shot – Sydney, Australia [video] (youtube.com)

10 points by keepamovin 2d ago 10 comments

Locally hosting an internet-connected server (mjg59.dreamwidth.org)

137 points by pabs3 16h ago 131 comments

I counted all of the yurts in Mongolia using machine learning (monroeclinton.com)

204 points by furkansahin 13h ago 79 comments

After millions of years, why are carnivorous plants still so small? (smithsonianmag.com)

185 points by gmays 5d ago 82 comments

A different take on S-expressions (gist.github.com)

42 points by tearflake 3d ago 30 comments

Should we design for iffy internet? (bytes.zone)

48 points by surprisetalk 2d ago 31 comments

The Grug Brained Developer (2022) (grugbrain.dev)

993 points by smartmic 1d ago 489 comments

PWM flicker: Invisible light that's harming our health? (caseorganic.medium.com)

37 points by SLHamlet 4h ago 45 comments

Building agents using streaming SQL queries (morling.dev)

81 points by rmoff 6h ago 7 comments

Show HN: Trieve CLI – Terminal-based LLM agent loop with search tool for PDFs (github.com)

19 points by skeptrune 8h ago 7 comments

Real-time action chunking with large models (pi.website)

62 points by pr337h4m 1d ago 7 comments

Spherical CNNs (2018) (arxiv.org)

11 points by rkp8000 2d ago 1 comments

Reasoning by Superposition: A Perspective on Chain of Continuous Thought (arxiv.org)

43 points by danielmorozoff 9h ago 1 comments

Show HN: Free local security checks for AI coding in VSCode, Cursor and Windsurf

23 points by jaimefjorge 9h ago 12 comments

Show HN: Lstr – A modern, interactive tree command written in Rust (github.com)

201 points by w108bmg 19h ago 60 comments

Spatializing 6k years of global urbanization from 3700 BC to AD 2000 (nature.com)

28 points by talonx 3d ago 3 comments

US FDA approves Gilead's twice-yearly injection for HIV prevention (reuters.com)

23 points by JumpCrisscross 2h ago 4 comments

Building Effective AI Agents (anthropic.com)

497 points by Anon84 1d ago 85 comments

Honda conducts successful launch and landing of experimental reusable rocket (global.honda)

1241 points by LorenDB 1d ago 388 comments

Show HN: Delve, an open source (AGPL) enterprise-grade data analytics platform (github.com)

12 points by ilovetux 5h ago 10 comments

What Google Translate can tell us about vibecoding (ingrids.space)

270 points by todsacerdoti 1d ago 158 comments

Now might be the best time to learn software development (substack.com)

331 points by nathanfig 1d ago 317 comments

Think of a Number (xenaproject.wordpress.com)

32 points by IdealeZahlen 3d ago 5 comments

3D-printed device splits white noise into an acoustic rainbow without power (phys.org)

219 points by rbanffy 3d ago 61 comments

GPT-4o shows humanlike patterns of cognitive dissonance moderated by free choice (pnas.org)

5 points by PaulHoule 1h ago 6 comments

The Bethesda Declaration (science.org)

78 points by perihelions 10h ago 24 comments

OpenSERDES – Open Hardware Serializer/Deserializer (SerDes) in Verilog (2020) (github.com)

75 points by peter_d_sherman 18h ago 9 comments

Making 2.5 Flash and 2.5 Pro GA, and introducing Gemini 2.5 Flash-Lite (blog.google)

361 points by meetpateltech 1d ago 209 comments

Resurrecting a dead torrent tracker and finding 3M peers (kianbradley.com)

618 points by k-ian 1d ago 195 comments

Why JPEGs still rule the web (2024) (spectrum.ieee.org)

215 points by purpleko 1d ago 382 comments

Munich from a Hamburger's Perspective (mertbulan.com)

66 points by toomuchtodo 3d ago 39 comments

A Straightforward Explanation of the Good Regulator Theorem (lesswrong.com)

40 points by surprisetalk 4d ago 4 comments

LLMs pose an interesting problem for DSL designers (kirancodes.me)

206 points by gopiandcode 1d ago 142 comments

Show HN: Free local security checks for AI coding in VSCode, Cursor and Windsurf

23 jaimefjorge 12 6/18/2025, 12:42:51 PM
Hi HN!

We just launched Codacy Guardrails, an IDE extension with a CLI for code analysis and MCP server that enforces security & quality rules on AI-generated code in real-time. It hooks into AI coding assistants (like VS Code Agent Mode, Cursor, Windsurf), silently scanning and fixing AI-suggested code that has vulnerabilities or violates your coding standards, while the code it’s being generated.

We built this because coding agents can be a double-edged sword. They do boost productivity, but can easily introduce insecure or non-compliant code. One recent research team at NYU found that 40% of Copilot’s outputs were buggy or exploitable [1]. Other surveys mention that people are spending more time debugging AI-generated code [2].

That's why we created “guardrails” to catch security problems early.

Codacy Guardrails uses a collection of open-source static analyzers (like Semgrep and Trivy) to scan the AI’s output against 2000+ rules. We currently support JavaScript/TypeScript, Python, and Java, focusing on things like OWASP Top 10 vulns, hardcoded secrets, dependency checks, code complexity and styling violations, and you can customize the rules to match your project’s needs. We're not using any AI models, it's “classic” static code analysis working alongside your AI assistant.

Here’s a quick demo: https://youtu.be/pB02u0ntQpM

The extension is free for all developers. (We do have paid plans for teams to apply rules centrally, but that’s not needed to use the extension and local code analysis with agents.)

Setup is pretty straightforward: Install the extension and enable Codacy’s CLI and MCP Server from the sidebar.

We’re eager to hear what the HN community thinks! Does this approach sound useful in your AI coding workflow? Have you encountered security issues from AI-generated code?

We hope Codacy Guardrails can make AI-assisted development a bit safer and more trustworthy. Thanks for reading!

Get extension: https://www.codacy.com/get-ide-extension Docs: https://docs.codacy.com/codacy-guardrails/codacy-guardrails-...

Sources [1]: NYU Research: https://www.researchgate.net/publication/388193053_Asleep_at... [2]: https://devops.com/survey-ai-tools-are-increasing-amount-of-...

Comments (12)

SkyPuncher · 54m ago
What's the use case for this compared to "standard" Codacy? What problem is solved by running this at code generation time vs the standard PR based feedback?

How do you avoid "context pollution" when the LLM inevitably cycles on an issue? I've specifically disable Cursor's "fix linter errors" feature because it constantly clogs up context.

brynary · 3h ago
@jaimefjorge — Congrats on the launch!

How would you compare this to the Qlty CLI (https://github.com/qltysh/qlty)?

Do you plan to support CLI-based workflows for tools like Claude Code and linting?

SpikedCola · 3h ago
On the https://www.codacy.com/get-ide-extension page, clicking the logo in the top-left corner of your webpage goes to https://www.codacy.com/home?hsLang=en which is 404. The logo link on other pages is working.
samschooler · 2h ago
quick nit: clicking on your logo on https://www.codacy.com/get-ide-extension goes to: https://www.codacy.com/home which 404s
godzillabrennus · 3h ago
Working on a 100% AI generated monolith so I plugged your web app into the repo and I installed the plugin in Windsurf. I'll see how it does and report back.
prophesi · 2h ago
Is it open source, and can the MCP server run locally in a sandboxed environment?
mdaniel · 2h ago
I guess "partially?" https://docs.codacy.com/chart/#2-installing-codacy:~:text=Th... but https://github.com/codacy/codacy-vscode-extension is MIT and https://github.com/codacy/codacy-mcp-server?tab=License-1-ov... is Apache 2

Also, a big fat raspberry for their use of tinyurl to obfuscate https://marketplace.visualstudio.com/items?itemName=codacy-a... -- just cruel

romain_batlle · 1h ago
Congrats on launch!
tosh · 8h ago
kudos @ shipping this jaime

Can you explain how/when the "guardrails" are run in Cursor? I mean: how does the extension hook in so that the code in the diff view gets changed?

Does this also work with agents like Claude Code and Amp? I guess since there is an MCP it can already work even though it's not explicitly mentioned in the docs?

What are your thoughts on running something like guardrails during dev-time vs CI time?

jaimefjorge · 8h ago
thanks tosh!

The guardrails are ran every time there is code being generated by the agent. We give instructions to the coding agents to run the guardrails on the code that is changed. It doesn't YET work with Claude Code and Amp but because it leverages an MCP server, we can easily do it. It's in the plans to do.

I think dev-time is critical, because AI is producing large swaths of code as we speak. We also make sure that regardless of what happens in dev time, we can always run our cloud checks in CI time. Thanks for your questions!

rdevzw · 7h ago
Just gave this a try, pretty interesting how a simple python script generated with two un-named models uses requests library version with CVE's. The scary part is, the script ran. This changes things in terms of leveraging AI. I will come back with more feedback soon, but for now, this is amazing
jaimefjorge · 7h ago
Hey thanks for testing! That's been my experience well, it's very frequent to see libraries with vulnerable versions being introduced in code. What's also interesting is that, despite using incredible AI coding models like Sonnet 4, you still get CVEs in your code. Try this with Codacy Guardrails: "create a Java server using undertow".

Thanks for testing. Please do share your feedback when you test further!

im3w1l · 52s ago
[delayed]